In this blog post, we talked about the gigantic password leaks that have happened this year.  This leak is arguably more dangerous, and so much more enormentacious that I am running out of adjectives to describe how huge these leaks are.

Researchers at Cybernews who uncovered this story, say that:

What was likely to be a human error exposed 106,316,633 records containing private information about US citizens, raising serious concerns about privacy and safety. Estimates suggest that at least 100 million individuals were affected by this massive data leak.

People and organizations needing background checks have also been exposed, as the data of 2,319,873 users who subscribed to MC2 Data services was leaked.

Data included in the leak includes not only names, emails, and passwords, but:

• Addresses
• Phone numbers
• Dates of birth
• Property Records
• Legal Records
• Employment records
• Information about relatives and neighbors
• and more

Not only is this dangerous information in itself, exposing people to identity theft and all sorts of malicious attacks, but much of it belongs to “high-value targets” such as employers and law enforcement.  When Cybernews broke the story on September 25, 2024, the database was no longer accessible, but we may never know how many people found and accessed the information. 

This is also the second huge data leak from a background check company in the last two months, after the news about how National Public Data lost an estimated 2.9 billion records in the US, UK, and Canada came to light in August.

Companies that hoard personal data clearly need to do a better job or protecting that data, and be held responsible if they don’t. Let’s hope that this negligence opens them up to not only a class-action suit like National Public Data is facing, but enforceable legal requirements for the protection of personally identifiable information across the board.